Are there any security benefits to running as a Standard User in Windows 7 with UAC turned all the way up?

7

I currently have my Windows 7 machines set up so that my main user account, the one I use on a daily basis, is a Standard User. I have a separate account that is set as the Administrator.

The UAC is set to its most restrictive setting (Always Notify). This way, whenever an application needs administrative rights when I'm logged in to my Standard User account (which is 99% of the time), I receive a UAC prompt requiring me to input the password for my Administrator account.

I have subjected myself to this inconvenience with the belief that this setup provided me with some significant protection against possible security threats.

Is this an accurate perception? Or am I needlessly inconveniencing myself? Would I significantly increase the security risks to my system by turning the UAC setting down to a lower level?

Thanks for any advice you can offer.

(Reference: In 2009, Microsoft engineers specified that UAC is "not a security boundary.")

Mantis

Posted 2011-07-13T18:02:56.677

Reputation: 557

I'm pretty sure that UAC doesn't make it less secure. lol, but that's not really what you're asking. – James T Snell – 2011-07-13T18:22:12.340

It's so funny to think back to when UAC first came out. I swear, my workplace was ready to riot. . . – surfasb – 2011-07-13T20:32:16.580

UAC on 32-bit systems is a joke; malware has no problem making it past it since most of them are exploits. A 64-bit OS is the way to go; at least you have kernel-level protection that is not easily compromised. – Moab – 2011-07-13T21:48:40.697

Answers

12

(Reference: In 2009, Microsoft engineers specified that UAC is "not a security boundary.")

And they are perfectly right. Your concern should be your user role on the system. If you set yourself up as a regular user, but are always seeing UAC prompts or having to elevate your privileges through a password prompt in order to do your work, you are effectively an Administrator of your system and you should log on as one.

UAC prompt security would in fact be compromised if you didn't, because invariably you are going to start to hit prompt options mechanically, essentially reducing the UAC prompt to just a subconscious confirmation layer between you and your daily actions. Soon enough you won't be able to distinguish between a rightful prompt and a prompt you should actually be suspicious of.

So, in short, if you are administering your machine, if you are constantly requiring administrative access to your computer, you are your computer's Administrator and you should set your account as such.


Conversely, a regular user shouldn't see many prompts. Their daily operations of opening applications, sending documents to be printed, reading and replying to emails, aren't (or shouldn't be) operations that require administrative privileges. It's when they try to do something they shouldn't, like installing an application or trying to change system settings, that UAC will step in. Then they call in the system administrator to take a look and either elevate their privileges for that operation by typing in his password, or refuse to take part in that folly.

...

Security is thus still mostly a user concern and responsibility. UAC helps, no doubt, but by establishing responsibility boundaries through clearly separating the user and administrator roles (something we didn't have on Microsoft desktop operating systems before Vista). Doing this, UAC helps ensure that most (if not all) security concerns are delegated to the administrator.

It certainly introduces features that complicate certain malware. UAC Virtualization is one of them. But UAC doesn't want to replace user roles. Again, if you are an administrator, log in as an administrator.


For a deep understanding of UAC, read "Inside Windows 7 User Account Control", by none other than Mark Russinovich, one of the professionals responsible for it. I suggest in particular that you follow his links as you read the whole text, most particularly the conference video and the ones that read "UAC Internals" and "revisit the relationship between UAC and security", in the Contents section. But generally speaking you should hit all links to gain a deep understanding of this feature. All you probably ever wanted to know is there.

It took me about 3 days to fully read and interiorize all the concepts within. But it's well worth it if you take it at your own pace.

A Dwarf

Posted 2011-07-13T18:02:56.677

Reputation: 17 756
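
The setup discussed in the question and in this answer comes down to the account's role plus a few values under the UAC policy key. The read-only PowerShell check below is an added example, not part of the original posts; the value meanings follow the standard UAC policy settings, the output labels are chosen here, and it is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread): read-only report of the UAC posture.
# Run it from a normal, non-elevated prompt.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $key

# Prompt shown to members of Administrators (Admin Approval Mode).
$adminPrompt = @{
    0 = 'elevate without prompting'
    1 = 'credentials on the secure desktop'
    2 = 'consent on the secure desktop (slider: Always notify)'
    3 = 'credentials'
    4 = 'consent'
    5 = 'consent for non-Windows binaries (slider: default)'
}
# Prompt shown to standard users, the case described in the question.
$userPrompt = @{
    0 = 'automatically deny elevation requests'
    1 = 'credentials on the secure desktop'
    3 = 'credentials'
}

function Describe($map, $value) {
    # A missing value must not be read as 0, which has its own meaning.
    if ($null -eq $value) { return 'not set (OS default applies)' }
    "$value = $($map[[int]$value])"
}

$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
# True only when the current token actually carries admin rights.
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
# whoami lists BUILTIN\Administrators (S-1-5-32-544) even when UAC has
# filtered it to deny-only, which separates a filtered admin from a standard user.
$isMember  = [bool](whoami /groups /fo csv | Select-String -SimpleMatch 'S-1-5-32-544')

if     ($elevated) { $role = 'administrator, elevated token' }
elseif ($isMember) { $role = 'administrator, filtered token (a consent click elevates)' }
else               { $role = 'standard user (elevation needs an administrator''s credentials)' }

"Account role          : $role"
"EnableLUA             : $($pol.EnableLUA)"
"Admin prompt          : $(Describe $adminPrompt $pol.ConsentPromptBehaviorAdmin)"
"Standard-user prompt  : $(Describe $userPrompt $pol.ConsentPromptBehaviorUser)"
"PromptOnSecureDesktop : $($pol.PromptOnSecureDesktop)"
"EnableVirtualization  : $($pol.EnableVirtualization)"
```

`EnableVirtualization` is the file and registry virtualization feature mentioned in the answer; a value of 0 means write failures surface as "Access denied" instead of being redirected to per-user locations.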

Thanks for your thoughtful comments. My understanding, though, is that running as an Administrator is definitely not a good idea from a security standpoint, because certain built-in security protections are not enabled when the logged-in user is an Administrator. I agree with you about the possibility that too-frequent UAC prompts can become "automatic" and thus detrimental. But nearly all of the UAC prompts I encounter are expected - they come when I'm installing software, etc. I keep the UAC turned up so that I can say "no" to the unexpected prompts - of which I've had a few over the years. – Mantis – 2011-07-13T18:44:23.413

You can indeed keep UAC at the top (most secure) setting if you wish. Certainly it's an added level of security. But you should understand UAC security as a domain-level security. Meant not exactly to secure a home computer, but to help enforce role-based security in a network. You are always going to hit "yes" when UAC shows up asking if you wish to install an application you just asked to be installed. You will however be suspicious if you are cruising the web and suddenly a UAC prompt pops up. And that level of security will also be achieved with an administrator account. – A Dwarf – 2011-07-13T19:00:27.280

Let me see if I can find an excellent article that explains UAC in great detail... used to be in my bookmarks, but I've lost it after 2 years. – A Dwarf – 2011-07-13T19:01:37.403

Ok. Updated the post to add those fascinating links. Have fun. – A Dwarf – 2011-07-13T19:16:21.947

I hate, hate, hate virtualisation. I disable it on each computer I configure. At least when I see “Access denied” I know what’s going on. – kinokijuf – 2013-12-05T08:11:36.580